
http://mail.daw.lk/rainloop/docs/abzbl9903668066esolq17vvf/

Status: finished
Submission Time: 2020-02-10 15:54:21 +01:00
Verdict: Malicious
Classification: E-Banking Trojan, Trojan, Evader, Emotet

Details

  • Analysis ID:
    207155
  • API (Web) ID:
    311718
  • Analysis Started:
    2020-02-10 15:56:45 +01:00
  • Analysis Finished:
    2020-02-10 16:06:23 +01:00
  • Technologies:
    Joe Sandbox

Engine   Detection   Info
  • Detection: malicious
  • Score: 100
  • System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

  • malicious (Score: 17/71)
  • malicious
  • malicious

IPs

IP               Country         Detection
68.66.224.40     United States
205.144.171.44   United States
71.126.247.90    United States
13.85.72.129     United States
104.31.69.30     United States

Domains

Name                             IP               Detection
thebluebearyhillproject.com      205.144.171.44
mail.daw.lk                      68.66.224.40
sportnal.azurewebsites.net       0.0.0.0
teeo.highoninfo.com              104.31.69.30
waws-prod-sn1-081.cloudapp.net   13.85.72.129

URLs

Name                                                                   Detection
http://mail.daw.lk/rainloop/docs/abzbl9903668066esolq17vvf/
http://themefolks.com/trendzbd/oaGZCVsJ/
http://sportnal.azurewebsites.net/calendar/Xzoo/
http://71.126.247.90/UOAEodt5UzLlCQ/0dW69/MxdzEiNUxNue/
http://thebluebearyhillproject.com/wp-admin/q07/
http://techotechsolution.com/wp-admin/W8m6/
http://teeo.highoninfo.com/wp-admin/1tx/
https://www.cloudflare.com/5xx-error-landing?utm_source=error_footer

Dropped files

Name / File Type (hash and detection columns were not captured)

  • C:\Users\user\Desktop\download\FE_LLZ_020120_OEP_020620.doc
  • C:\Users\user\317.exe
    data
  • C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_o20fdki5.ew5.psm1
    ASCII text, with no line terminators
  • C:\Users\user\Documents\20200210\PowerShell_transcript.855271.EW+2OSy4.20200210155835.txt
    UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
  • C:\Users\user\Desktop\download\~$_LLZ_020120_OEP_020620.doc
    data
  • C:\Users\user\Desktop\cmdline.out
    ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC
    Little-endian UTF-16 Unicode text, with CRLF, CR line terminators
  • C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
    ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\FE_LLZ_020120_OEP_020620.LNK
    MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Mon Feb 10 13:58:16 2020, mtime=Mon Feb 10 13:58:24 2020, atime=Mon Feb 10 13:58:17 2020, length=272593, window=hide
  • C:\Users\user\AppData\Roaming\Microsoft\Office\MSO1033.acl
    data
  • C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_gv3nqcaj.sol.ps1
    ASCII text, with no line terminators
  • C:\Users\user\AppData\Local\Temp\VBE\MSForms.exd
    data
  • C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
    data
  • C:\Users\user\AppData\Local\Microsoft\Office\OTele\winword.exe.db.session-journal
    data
  • C:\Users\user\AppData\Local\Microsoft\Office\OTele\winword.exe.db.session
    SQLite 3.x database, last written using SQLite version 3019003
  • C:\Users\user\AppData\Local\Microsoft\Office\OTele\winword.exe.db-wal
    SQLite Write-Ahead Log, version 3007000
  • C:\Users\user\AppData\Local\Microsoft\Office\OTele\winword.exe.db-journal
    data
  • C:\Users\user\AppData\Local\Microsoft\Office\OTele\winword.exe.db
    SQLite 3.x database, last written using SQLite version 3019003